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Please rejjja'ce the paragraph beginning at page 12, line 9 with the following rewritten 
paragraph: _ 



When request 5 14 is received by the web server 503, the request can be passed to proxy 
data exchange filter software that can extract the added fields 304-305 from the request 514, 
decrypt the session key and the user profile information contained in the fields 304-305 and 
make the user profile information available to web server applications. The user profile 
information may be made available to web server applications by setting HTTP environment 
variables, by storing it in a database, by placing it in shared memory, and/or using other data 
exchange techniques. The proxy data exchange filter software may then pass the request 514 
back to the web server for further processing and for generation of a response 515. 



IN THE CLAIMS 



Please amend claims 13-19 and 31 as follows. 




13. A data transfer method performed at an information server, the method comprising: 
eiving an augmented data request including encrypted user profile information added 
by a proxy i 

extracting tfte^ncrypted user profile information added to the data request by the proxy 

server; 

using the extracted proffksJnformation to generate a response; and 
sending the response to the prb^y server. 



14. The method of claim 13 wherein uslfcg the extracted user profile information to 
generate a response comprises providing the extract8d s user profile information to a web 
application and generating the response by processing theNveb application. 



1 5. The method of claim 14 wherein providing the extracteikuser profile information 
comprises setting HTTP environment variables at a web server and whCT&jn the web application 
comprises a common gateway interface script. 
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,16. The method of claim 13 further comprising storing the extracted user profile 
information at the information server and associating a reference token with the stored user 
profile information, and wherein the response further comprises the reference token. 




17. The me^od of claim 16 further comprising: 

receiving from \he proxy server a second data request comprising the reference token; 
extracting the reference token from the second data request; 
accessing the stored user profile information based on the reference token; and 
using the stored user profile information to generate a response to the second data 





request. 



1 8. The method of claim 13 whe^in extracting the user profile information comprises 
decrypting the user profile information. 

19. The method of claim 18 wherein theNiata request further comprises a session key 
added to the data request by the proxy server and wherein decrypting the user profile information 
comprises using the session key to decrypt the user profile information. 

3 1 . An information server comprising: 

a network interface operatively coupling the information server to a target server; and 
a processor operatively coupled to the network interface Vid to a memory comprising 
executable instructions for causing the processor to receive a data request from the proxy server, 
decrypt user profile information added to the data request by the target server; and use the 
decrypted user profile information to generate a response to the data request. 



a<j/tl 



Please add the following new claims 33-42. 




—33. A method performed at a proxy server, the method comprising: 
receiving a request from a client; 

determining destination information associated with the request; 
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ietermining a target server associated with the destination information should receive 
user profile information; 

augmenting the request by adding encrypted user profile information; and 
sending the augmented request to the target server. 

34. The method of claim 33 further comprising: 
determining^ valid public key for the target server; 
encrypting a Session key using the public key; and 
augmenting theVequest by adding the encrypted session key 



35. The method of Maim 34 further comprising: 

determining a valid public key for the target server; 

encrypting a session keV information using the public key; 

encrypting the user profile^ information using the encrypted session key; and 

augmenting the request by adding the public key, encrypted session key, and encrypted 



user profile information to the request 



36. The method of claim 33 wherein determining the target server should receive user 
profile information includes querying a database associated with the proxy server to determine if 
the target server should receive user profile information. 

37. The method of claim 33 further comprising receiving a token from the target server 
and providing the token with other requests associatec^with the user profile that are directed to 
the target server. 



38. A system comprising: 
a proxy server to: 
receive a request from a client; 
determine a destination information associated with the refauest; 
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determine a target server associated with information should receive user profile 
information; and 

augment the request by adding encrypted user profile information; and 
to send the augmented request to the target server. 




39. TheV^stem of claim 38 wherein the proxy server is configured to: 
determine \valid public key for the target server; 
encrypt a ses^on key information using the public key; and 
augment the recjUest by adding the encrypted session key. 

40. The system of claim 38 wherein the proxy server is configured to: 
determine a valid public key for the target server; 
encrypt a session key information using the public key; 
encrypt the user profile information using the encrypted session key; 
augment the request by adding^the public key, encrypted session key, and encrypted user 

profile information to the request. 

41 . The system of claim 40 wherein \he proxy server is configured to: 
determine the target server should receive user profile information includes querying a 

database associated with the proxy server to determine if the target server should receive user 
profile information. 



42. The system of claim 41 further comprising a\^rget server wherein the target server is 
configured to: 

store the user profile information; 
send a token to the proxy server; 
receive the token with a subsequent request; and 
access the stored user profile information based on the token. 



